SentinelOne Singularity Endpoint Reviews

We got rid of our previous vendor, and we went with SentinelOne. We basically use it as our AV platform. In other words, it is supposed to be a solution that is next-gen and can detect ransomware and give us the opportunity to roll back if we are attacked.

The organization wanted to take advantage of their rollback feature so that, if we ever did suffer ransomware, that would help us with triage or remedying the issues.

The rollback feature is the most valuable aspect of the solution. 

In terms of its ability to ingest and correlate across our security solutions, we're still early on. The implementation team has helped us turn on the XDR feature, however, we haven't utilized it as much as we should. We're still testing the capabilities. 

We did a pilot with the Ranger functionality. The organization opted not to purchase it just yet. Long-term, next fiscal year, we may adopt it. It does come at an extra cost. It may be added during the next renewal.

The previous vendor had a lot more features and capabilities under the license. For example, I lost DLP as Sentinel One does not have DLP. By choosing this solution, I created a security gap. 

It has not helped us reduce our alerts. In my last solution, I did not get alert fatigue. We are fresh into the implementation and are getting a lot of false positives. 

We just went live this past year. I would say we have been using the solution for maybe six to eight months.

The product has been up more than it's been down. We typically do get alerts if there is a maintenance window. That's appreciated. There have been times when we have had issues accessing the console. that tends to get resolved quickly. That said, no one vendor can boast resiliency. 

We only have one module or solution from them. We haven't tacked on multiples from a scalability side. However, from a licensing side, it's easy to add extra agents, it's easy.

I've contacted technical support multiple times. The level of satisfaction is 50/50. It depends on who picks up the ticket on their end. If it's a level one help desk versus an engineer will dictate how easily we get an answer or not. If someone is not well-versed on the backend, we'll need to escalate and that takes time. 

We previously used Trend Micro. It was cheaper and had more features under license. However, management was looking for cyber security insurance and methodology. Therefore, management decided to go through Sentinel One.

Getting the solution spun up and put into the environment, and getting it set up to where it's working smoothly, was okay in terms of a process. They are like any other vendor trying to give you a white-glove service.

I was involved in the initial setup.

Once we understood the methodology, it was pretty straightforward. 

I chose to rely on people who knew how the product worked. I relied on their input and insights. We did procure professional services to really get into training and understanding the solution.

The learning curve continues to be the false positives. I've had to create a new exclusion list from scratch. I'm still going through the process. 

New users need to have a work-in period. There will be a period to get all of the little anomalies tweaked out.

There were three of us implementing the solution.

There's no real maintenance to worry about. That's why we purchased the SaaS solution. We do need to update the agent. 

I implemented the solution with the assistance of professional services. 

Purely from a budget perspective, Sentinel One was more expensive than my previous vendor, plus I lost a lot of features. I can't say that I see cost savings yet while using the solution. 

We also piloted CrowdStrike. 

I haven't used the solution in conjunction with any other third-party solutions and can't speak to its integration capabilities. We will do that, we just haven't yet.

The solution hasn't freed up any time. It's the same as our old solution. 

So far, it has not changed our mean time to detect. However, I have not seen a true positive yet. I would need to see a real threat come into my environment yet. This is true with the mean time to respond. The process is exactly the same. I have it configured so that if anything is critical, I get real-time alerts. 

I'd advise new users to hone in on the subject matter experts and grill them during the POC. We were so accustomed to doing workflows a certain way, it was almost like how we had to learn how to walk again when we switched solutions. 

I haven't seen Sentinel One's innovation just yet. We have asked for adjustments or features. We're going through a feature request platform and I have yet to see them implement a feature we requested. My previous vendor, Trend Micro, was very willing to implement changes.

You can't just take it back if you don't like it. It's here to stay. There's no going back to the previous vendor. We need to make it work. We want to stay with them at least a good while.

I'd rate the solution eight out of ten.

I would advise new users to understand what workflows they are accustomed to and how their current setup works so that they can ask a lot of questions during the POC. It's important to fully understand Sentinel One's logic to be successful.

We use SentinelOne Singularity Complete as our endpoint security solution to detect malicious activity and unusual behavior. It is a great tool for analytics and forensic investigations, and it has a good feature for catching threats. I was particularly impressed with this feature.

We implemented SentinelOne Singularity Complete to secure our endpoints.

SentinelOne Singularity Complete has helped us consolidate our security solutions. We can create use cases and workflows in SentinelOne, and analyze alerts and logs. We can also create custom policies based on our needs. For example, we can create workflows for post situations, or detect specific types of attacks, such as persistence or defense evasion techniques. We can use these techniques to create our own custom use cases, which can then be deployed in production to detect these types of threats.

After deploying SentinelOne Singularity Complete, we were confident we would not face any endpoint security threats. SentinelOne was able to block the type of events that were a true positive. Sometimes, we have also received false positives, but SentinelOne should detect this activity. So, that was the expectation, and SentinelOne has met it. This is very helpful.

SentinelOne Singularity Complete met our business needs and requirements. It was easy to deploy and manage as an administrator, and we can manage the console without having to constantly connect to the user or machine. We can do many things from the console alone, such as taking remote sessions, uninstalling any other solutions or products, and performing cleanup activities. This has been very helpful. We saw these benefits within one month of deploying Singularity Complete.

SentinelOne Singularity Complete helped reduce the number of false positive alerts we were receiving with our previous solution.

SentinelOne Singularity Complete has helped us save three hours per day of our staff's time. The single console makes it easy to manage compliance, including health check reports and the applications we are managing. We were able to identify and remediate malicious files through the console, without having to resolve the issue directly with users or other teams. This is a significant improvement.

SentinelOne Singularity Complete has helped reduce our MTTD and our MTTR.

SentinelOne Singularity Complete has helped reduce our organizational costs by eliminating the need for other endpoint security solutions. It is a cost-effective solution that provides comprehensive protection.

It has reduced our organizational risk by 90 percent.

The threat detection and prevention capabilities are valuable, providing development programming support that enables us to perform fair investigations. SentinelOne also provides security for installed devices for all operating systems, including Mac, Windows, and Linux, for users who cannot install SentinelOne themselves and need to connect with the administrator.

SentinelOne Singularity Complete needs to support more common development languages, such as PowerShell and Python so that we can better use the solution.

In the release, I would like to have application management features and pre-defined command features that allow us to take control of the system. 

SentinelOne needs to provide more documentation for administrators and analytics.

I have been using SentinelOne Singularity Complete for six months.

I would rate the stability of Singularity Complete eight out of ten.

I would rate the scalability of Singularity Complete eight out of ten.

We have 24/7 support, but it is just moderate.

Neutral

SentinelOne is more secure and offers better scope for threat hunting on Linux than other security solutions, such as CrowdStrike and Microsoft Defender for Endpoint. SentinelOne Singularity Complete allows us to consolidate solutions and is easy to administer from a single console.

The initial setup is straightforward. After completing the proof of concept, we deploy the Singularity Complete solution for our clients. We install the agent and create group policies for detection and prevention. We use a configuration management solution to deploy Singularity Complete within five to ten minutes.

One person can complete the deployment.

We implemented the solution in-house.

I would rate SentinelOne Singularity Complete seven out of ten.

I would rate SentinelOne Singularity Complete's ability to be innovative eight out of ten.

SentinelOne Singularity Complete has a mature GUI.

We deployed SentinelOne Singularity Complete in one of our client environments with 13,000 machines and 1,000 servers.

SentinelOne Singularity Complete maintenance consists of daily monitoring for updates and prioritizing policies and requires around five administrators.

SentinelOne is a good strategic partner.

SentinelOne Singularity Complete makes it easy to perform operations and investigations.

We use it for our endpoints. It is installed on all of our servers and desktops. It is a replacement for the AV platforms that we used to have. 

Overall, the product monitors what is happening on your machines. It monitors incoming mail and web addresses that your browsers are trying to access. It looks for suspicious activity that may occur on your desktop or on your server and generates alerts based on the type of activity. It might find a malicious file that you downloaded. Like a virus scanner, it would scan something. It might find something that it suspects to be malicious. It will look at that item and go to its own threat intelligence sources to see if it is a known threat. If it is a known threat, it will either block it or do something to it based on how you have pre-configured it. If it suspects something to be a threat but does not have any reference, meaning that it is an unknown threat, then depending on what it detects or how that thing may behave, it would either alert you or suppress or isolate it. It can do a number of things. It depends on the inner workings of the product itself, but our use cases are to protect our endpoints. It is a replacement for our AV, but it is a whole level above what AV used to be. It is the evolution of AV.

We had three different AV platforms in our organization. There was no central way to manage them. We had no complete visibility. From one part of our organization, we had no visibility into another part of our organization. By putting this platform in, we now have one view of the entire organization. We can look at threats as they span our organization. Threats could potentially be moving around. We can detect if they are spreading to other parts. We could not do any of that before.

Singularity Complete has a much better detection engine. It detects a lot more than an AV can. AV is pretty much finished. There would not be AV anymore.

In terms of interoperability, we do not have any other SentinelOne solution. This was our first one. There is not a lot of interoperability between endpoints and everything else. The only interoperability that is useful for us right now is the log data that it provides to our SIEM. It allows us to do correlative analysis between different areas. If we have a threat that could be going from endpoints to internet devices, such as switches, or places where the EDR system is not installed, it becomes valuable when we are sharing data from the EDR and our other systems, and we have a tool that analyzes all that data to look for threats that may span in our entire environment. I do not see the interoperability being a problem with our other tools, and I am sure it would not be an issue amongst SentinelOne's own tools as well, but I do not have any data points on that yet.

Singularity Complete has helped big time to reduce our alerts. In fact, that was my concern with it. I was concerned that we are not seeing too many alerts anymore. I had a meeting with them recently, and I mentioned to them that I feel that we should be getting more alerts. They are going to take a look at our platform to make sure it is working fine, but it seems to be doing a great job of dealing with the alerts in an automated fashion. I became a little bit suspicious that it might be doing too good of a job, so we are just having them double-check. It is just me making sure all my I's are dotted, and my T's are crossed. As a security person, I do not like to have questions out there, but otherwise, it is doing a great job.

It has freed up our time. It takes a lot less time to investigate things. It takes care of a lot of things for us. It has offloaded 30% to 50% of some of the work that we had to do in the past. It allowed us to work and focus more on higher-priority items.

It has absolutely reduced the mean time to detect. It has probably reduced the time to detect by 75% because we just did not have some of these capabilities before.

Singularity Complete has also reduced our mean time to respond but not as much as the mean time to detect. It does a lot of resolution of issues for us. It has probably improved that by 30% to 50% because it does a lot of that automatically, but it frees up our time. We can resolve the stuff that needs our personal assistance a lot quicker because we have more tools and capabilities at our disposal through SentinelOne than we had before.

Singularity Complete has saved us costs big time. We have eliminated three different vendors and the associated maintenance of those platforms. We needed more people and resources to manage three different things, but now, we do everything with just a couple of folks. Our time savings are about 50%.

It has helped reduce our organizational risk because we can detect more things that are hitting us. I cannot give a number on that, but it has definitely reduced our risk exposure. From a pure security standpoint, our risk frame point used to be flagged as red. We were missing a lot of things, and now, it is green.

The single pane of glass is probably the most valuable. That is a big one. We could see everything from one view. 

The automatic detection and response is great. It takes care of a lot of alerts that it generates before they even cross our desks, which is great. 

It has advanced detection capabilities. It has the ability to go and look for known threats that are in the environment. Its ability to detect even unknown threats and any suspicious activity is great. We are very happy with it.

It is not so much on the Singularity platform itself, but they have their own built-in SIEM that is included with it. That needs to evolve a little bit. It is relatively basic in its capabilities. They have potential there for a great product and a needed product too. Having some kind of SIEM capability with the endpoint solution will save me from buying a bigger SIEM or buying another one. I could just use the one that comes with my endpoint solution.

From the looks of it, it does pretty much what we need, but it could do more. It would be nice if it had some newer features that other players have. They would have a good market advantage if they were offering SIEM as a part of it. They kind of do that, but it is not something they are promoting. We just stumbled on it, so you can use it for doing other things as well, not just endpoint incident and event collection.

We installed it in January, and we were doing a gradual ramp-up over three months. It has been up and running for about four months now. It is completely up and running.

We have not had any issues. The performance seems good. 

It seems very scalable. We have not run into any issues. We pushed it over about 2,000 endpoints. It performs the exact same way it has been.

I have not personally contacted them, but my team has contacted them. Especially during deployment, they were very helpful. They helped us to get it done. The feedback I got was positive.

We had three different AV platforms. We eliminated McAfee, Defender, and ESET. Singularity Complete does everything better than these because it has got capabilities that these products did not even have. The biggest thing for us is the single pane of glass, so we can see right down to the machine. It is great at machine isolation, and it has better detection and mitigation capabilities than any of these products. It does a lot of it behind the scenes. A lot of it is automated and does not require us to do anything.

It is a cloud solution with local installs at the endpoints, so everything is cloud.

I manage security for the organization. I was not doing the deployment, but I was a part of the deployment team, the meetings, and the decisions when we were going to do different things. I was not pushing the software to anybody's desktop but my team was.

It was not a difficult installation. Based on the feedback that we got, it was pretty straightforward. It went over relatively smoothly.

It does not require any maintenance. It is cloud-based, so we do not have to do much to it. The endpoints will update themselves periodically, so there is not much for us from a maintenance standpoint. It does not have a lot for us to do.

We acquired our SentinelOne implementation through a reseller. We used the reseller's help, but we did almost 90% of it ourselves. They helped us manage the project piece and provided expertise and guidance. Between SentinelOne and the vendor itself, we got it done, but we did 90% of the heavy lifting.

There were probably four or five people between all of our locations, but most of it was done remotely. There was no need to touch individual desktops. We were able to push most of it out.

SentinelOne was half the price of CrowdStrike.

We looked at all the big ones, such as CrowdStrike. That is the first one that comes to mind. We even looked at Microsoft Defender and Sentinel. We looked at a few other solutions out there. We had an IBM demo there, but I do not remember what theirs was called. Bitdefender was another one that we looked at.

We went to Singularity Complete for the feature set. They did not have a robust feature set the way CrowdStrike does, but they had everything that we needed. CrowdStrike had even more advanced features, but SentinelOne's pricing was half of what CrowdStrike sells for. It was a pretty easy decision for us to go with SentinelOne. They were much better than the other players that we looked at. It came down to between SentinelOne and CrowdStrike, and the pricing made all the difference. They also seemed pretty easy to deal with, whereas with CrowdStrike, it felt like they were doing us a favor. When we talked to them, I just did not get a great sense of them, but price was one of the main things. CrowdStrike's price was double of SentinelOne's price.

I would advise a couple of things. If you are using a reseller to buy this and install it for you, have a good reseller that you can call upon for support and help manage the project. The other thing that I would probably suggest is to negotiate your education up front and not after the fact. It does not come with a lot of training. They even charge for the online university, so you should probably negotiate that as a part of the negotiation process before you sign a deal. Other than that, it is good.

I would rate Singularity Complete a nine out of ten. For my use case, it is definitely a nine.

One of our use cases is that we wanted some type of visibility into our vulnerabilities and insight into our endpoints.

Ranger really helps us because, even though we're a smaller team of security professionals, it gives us a good eyes-on-glass approach. And if there is a known vulnerability, we can automatically see that without having to spend more time looking at it. In the past, we would do all of this manually. We would have to go into our systems and see which IP address is coming from the outside world and see the IP address, workstation, current version, hostname, MAC address, et cetera. Now, we can easily see that in the report that we get every day.

We used Rapid7, but Singularity has certainly helped reduce alerts. We have a threshold set in Singularity so that if one of our critical devices is vulnerable, we get automated email alerts. The alerts tell us what we need to look at in terms of logs and the like, and they help us automate some of our internal processes.

Personally, it has saved me a lot of time, about one-third of my day. And our mean time to detect has been reduced by anywhere from 45 minutes to an hour. But our mean time to respond has been pretty much about the same. I'm logging into SentinelOne every day and I see what's going on. If there is anything that needs to be talked about with our sysadmin team to get patches rolled out, we have a meeting about it every week. SentinelOne, overall, has brought our organizational risk down by at least 35 to 40 percent.

It helps us with our compliance efforts too, especially for auditing. If someone asks, "Do you have a list of all your endpoints?" we can definitely say "yes." And if they ask, "How is it categorized, by IP address, workstation, or OS?" we can see it's on this particular network and it's made by that manufacturer.

With Ranger, we can see the device inventory, the networks, how many workstations we have that it's scanning, how many printers, how many mobile and IoT devices, and servers.

It identifies what applications are vulnerable. If I go to the applications, such as Adobe Photoshop or Adobe Reader, I can see our current list of vulnerabilities: How many are vulnerable and how many need to be updated with patching. One of the most valuable aspects is the ease of finding specific vulnerabilities.

About every month, when I go into SentinelOne, if there is a vulnerability that we know about, I search for that vulnerability—for example, Adobe. There are different versions of Adobe, but I'm not able to compile them into one report. I have to create separate reports for those versions. Some of the reporting could be improved a little bit. I wish all Adobe products could be included together, or that you could mix and match Adobe with some other software or video player.

We have used SentinelOne for the last year and a half, and we're pretty happy with it.

I haven't had any issues with the platform. There hasn't been any crashing or lagging. Everything seems to be current. Overall, it's pretty seamless and I get really good results with it. I include it in my routine every morning and afternoon. I review the SentinelOne reports to see what vulnerabilities have been detected.

It is definitely scalable. You can really expand it and, for us, that is huge. As our organization grows, we will likely look at acquisitions, and, with those acquisitions, we will definitely get the other company's devices deployed through SentinelOne. It will allow us to grow and have their devices in the SentinelOne console as well, and have visibility.

I have contacted their support for a vulnerability issue, and they were able to help out with that. They told me how to get it remediated and what scan to perform.

It has helped us consolidate our security solutions. At one point, we had Rapid7 and SentinelOne. However, we realized we could take what Rapid7 has and consolidate it into one platform. At a high level, they're almost the same tool, but SentinelOne has a few more features and functionalities.

Also, we could see how many operating systems we have in our current environment through the standard image system we had. But now, we can see that through SentinelOne. That has been a key takeaway because we can see how many Windows, Linux, Apple, and Android devices we have.

In addition to Rapid7, we were looking at CrowdStrike for our endpoint detection, and at Sophos as well. Clearly, SentinelOne was the best for us.

SentinelOne is definitely a leader in the marketplace because it has a lot of features to offer. There are some pretty good integrations with it as well, and there are things you can change in the settings and how it's deployed.

The quality of the solution is great. I don't have any complaints other than that small reporting issue I mentioned. In terms of maturity, Singularity is one of the top-notch eyes-on-glass solutions that you can have, especially as it relates to your endpoints and vulnerabilities. It gives you that technical deep dive into what the vulnerability is, what workstation it's on, and whether there are any other endpoints affected.

There are some integrations that we could possibly use, but we haven't used any. There is one with KnowBe4 that we are looking to use.

As for maintenance, I don't have to do any in my role, but it does require some, such as upgrading versions.

If you're looking for a solution like SentinelOne, and you're looking to get an eyes-on-glass approach for your endpoint devices and your vulnerability management program, this could be one of your top solutions. Overall, I'm happy with it and my team is very happy with it. Our scans are fully automated and that is never an issue for us. It offers a lot of capabilities, expansion, and growth. If your company is looking to grow, it's definitely all there for you. You get a really good report on your devices and your networks.

I use SentinelOne Singularity Complete for endpoint protection and remediation. It protects all computers in my company and sends real-time alerts about malware, viruses, etc., that may have found a way through all of my company's defenses.

SentinelOne Singularity Complete has benefited my organization through its rapid ability to find new and existing malware that I must act on. As the solution uses AI technology, it's able to find both known and unknown threats.

My organization realized the benefits from SentinelOne Singularity Complete quickly from the time of deployment.

What I found most valuable in SentinelOne Singularity Complete is the ability to connect to the terminal remotely. The solution is pretty handy because it allows my company to do investigations and whatnot, wherever the person may be. After all, I belong to a hybrid organization, which means you never know if someone will be in the office.

It is another tool in the tool belt for looking at some of the files, which means that even if the file is not a virus, you can go in and do some investigation.

SentinelOne Singularity Complete has excellent interoperability with other SentinelOne solutions, including third-party tools. I was pleasantly surprised with how in-depth the APIs go because it's almost integrated with my company's SOAR solution, consolidating all alerts in one place and triangulating more per case. In my company, SentinelOne Singularity Complete is integrated with a third-party tool.

My impression of the ability of SentinelOne Singularity Complete to ingest and correlate data across security solutions is good so far, though right now, my company only set up SentinelOne Singularity Complete. Still, it's good that the integration option exists because, in the future, who knows? My company might do some integration depending on what the timing allows.

My company has not consolidated solutions yet because SentinelOne Singularity Complete is just one of the many tools used within my company. It's a helpful tool, but it's not the only player.

SentinelOne Singularity Complete helped free up staff for other projects and tasks and is time-saving, though I don't have specific data on that.

The tool has also helped reduce my organization's mean time to detect. However, I can't give an approximation just because SentinelOne Singularity Complete is the only solution my organization uses. The tool has also helped reduce my organization's mean time to respond because, together with the SOAR solution, SentinelOne Singularity Complete allows my company to go in and correlate everything to find out where the threat came from, so my company can go in and take the appropriate measures to shut down threats more reliably.

SentinelOne Singularity Complete has helped reduce organizational risk because it's one of the modern architecture tools, which gives more confidence in the detections my company sees. The tool also reduces the number of false positives and false negatives, so my company knows that if the tool shows a hit, then that truly warrants further investigation.

I'd give SentinelOne Singularity Complete an eight out of ten in terms of its ability to innovate because it's very much on par with a few other options out there, though I can't recall the names right now.

SentinelOne is an excellent strategic security partner that quickly incorporates my organization's feedback. My organization hasn't had any problems. If my team is looking for a feature, for example, SentinelOne either edits a roadmap or makes the change pretty quickly if there's bandwidth.

They say there is an investigation function in the interface of SentinelOne Singularity Complete, but it's not absolutely available for use. It's a function I've been looking for, but my company can't use it yet for some reason, so this is an area for improvement.

Another area for improvement in the tool is the larger learning curve that stems from it being full-featured, so there's a more significant learning curve in figuring out the environment versus using a more traditional antivirus. It's a lot more than just installing it on the machines.

The other disadvantage of SentinelOne Singularity Complete is that the agent doesn't auto-update, and my company found it more complicated than usual to get the agent updated and keep it updated.

I've been working with SentinelOne Singularity Complete for six months as an end user.

We didn't have any problems with the stability of SentinelOne Singularity Complete.

For the most part, SentinelOne Singularity Complete is scalable, but with my company's problem with auto-updates, it just means needing to rely on other tools to get new agents pushed out to the endpoints. It would have been better and more scalable if there was a way to update on the directory.

We found the technical support for SentinelOne Singularity Complete one of the best we've ever had to deal with, surprisingly, so we'd rate it as ten out of ten. If we open a ticket, we'll typically get some answers quickly, but for more complex issues, we have standing meetings with them that are set once a week so that they can go more in-depth.

Positive

My current organization only uses SentinelOne Singularity Complete, but in my previous organizations, more traditional antivirus was used, like BitDefender, and it was fine.

With SentinelOne Singularity Complete, I'm more confident that it can detect threats better and will miss fewer incidents coming in because of the more modern ways it detects malware.

I was not involved in the entire setup process for SentinelOne Singularity Complete, but it was mostly straightforward. However, getting the agents onto the machines was more complicated than the team would have liked.

The team started with a test machine and then expanded after issues arose, including figuring out how to fix the issues.

We implemented SentinelOne Singularity Complete in-house, with the support of the SentinelOne team, whenever we had questions.

I have seen ROI from SentinelOne Singularity Complete.

I have no information on the pricing or licensing cost for SentinelOne Singularity Complete.

I wasn't involved in evaluating solutions, so I'm unsure if the company evaluated other solutions before choosing SentinelOne Singularity Complete.

The organization I'm working for doesn't use the Ranger function of SentinelOne Singularity Complete. It uses a homegrown solution for network visibility.

I don't believe SentinelOne Singularity Complete has helped reduce alerts within the company, and it's not because it can't but because the SOAR solution handles the alerts and sends the alerts. Still, there is potential to improve the process.

I've not observed cost reduction or money saved from SentinelOne Singularity Complete just because it's such a small aspect in the grand scheme of things. It's tough to put a number on that.

Many people were involved in deploying SentinelOne Singularity Complete for the organization.

I'm the one maintaining the solution, and for my organization, in terms of scale, one person is sufficient to maintain SentinelOne Singularity Complete.

The solution is deployed on three thousand endpoints worldwide on both MacOS and Windows machines, along with an agent on the servers.

I advise others looking into implementing SentinelOne Singularity Complete to be prepared to work with the SentinelOne support team. Implementation is not hard to do, but the support team is there to help with much of the work and is happy to help. My standard advice is to ensure you're also checking out other providers. Just because the solution works for my organization, it doesn't mean it will work for yours. You have to find a solution that checks all the boxes for your organization.

I would rate SentinelOne Singularity Complete as eight out of ten.

We have it hooked up to our LogRhythm SIEM, which keeps track of all the events that are happening all around. That has been really helpful for us. We have SentinelOne Ranger that scans for devices on our network and finds the ones that do not have SentinelOne or the machines that we call rogues. The other function that we use is Deep Visibility. We pay for that, and it allows us to hunt for threats within our environment. It is also very important. We don't use Deep Visibility very often, but it is one of the more important things that we have in terms of the selection of products we pay for.

One of the big reasons we use it is for its ability to ingest and correlate across our security solutions. By virtue of going after an incident, we need to see step by step what happened. We have network solutions that show us where things came from network-wise. We have a vulnerability scanner for something that gets exploited, and then we have SentinelOne to see what is actually happening on machines. Maybe a process was launched. Maybe a file was clicked or an email was opened. That is a big part of how we use the tool.

Prior to having SentinelOne, we had CrowdStrike, which is a similar product. We decided to make the switch to SentinelOne because the biggest problem was that the previous endpoint detection response software we had did not support what we call legacy endpoints. Anything prior to Windows 7 was not supported by CrowdStrike. Being a manufacturing firm, we have quite a few old devices. That was one of the big things that sold us. SentinelOne also had significantly more competitive pricing than CrowdStrike, but the ability to protect older endpoints was the main motivating factor for us to make this switch.

We have been able to consolidate our security solutions. We had a handful of different solutions. SentinelOne Ranger scans for things. We used to have a product that did that, and we got rid of that. For deep visibility, we used to have a piece of software on each machine for historical data and events and things of that nature. We were able to get rid of that. Having an antivirus is also not really necessary because it is a next-generation AI-based antivirus. It does antivirus tasks, and it reduces the need for our traditional antivirus such as Kaspersky, Symantec, McAfee, etc. We were able to get rid of those as well, which is a good thing.

We have turned on the Ranger functionality. It is used for asset discovery, but only within a certain range and only if there are a certain number of machines. The way our settings are, if we have a cluster of five machines around it, it will essentially send out a signal and try to find the one without it. If we have five machines in our organization, it will look to see which one does not have SentinelOne around it. It can be helpful to find machines that were not deployed properly. It can also be helpful to find machines that were deployed by malicious actors and things of that nature. It also helps us to identify machines that have SentinelOne but are not responding right now.

It is a pretty big deal that Ranger requires no new agents, hardware, or network changes. We have deployed SentinelOne completely. There is probably no machine in our network that does not have it unless it has a very specific use case. Ranger helps us find those if they do exist. If need be, there is a setting within Ranger for deploying SentinelOne through Ranger. We have it turned off, but it is still useful. It is something we could use one day.

We typically use Ranger for vulnerability and not necessarily for the prevention of vulnerabilities, but it does give us a good idea of what is out there. For example, there is someone who is trying to do something malicious. It will heartbeat that, and it will see what is happening around that. If it sees, for example, command and control or something like that, it will identify it. It might quarantine it or turn your machine off to stop things.

Singularity Complete has helped to reduce alerts. One of the things we struggle with over time is trying to identify what is and what is not a real threat. It did take some tuning, but we went from having to investigate every little thing to being able to say, "Okay. This is a false positive. We know this. We have had this in our environment. We can exclude that." That frees up time for other things, so we can spend time focusing on malicious or bad things happening in our environment. We can work on projects and do some of the actual engineering.

Singularity Complete has helped free up our staff for other projects and tasks. We do not have to sit there and constantly monitor, which means that we can go ahead and do other things. We have a vulnerability scanner that we can use to start patching and tackling some of those vulnerabilities. We have our SIEM that we need to monitor for events and activities as well. We have network logs that should be gone through more. Because we have something that takes care of our endpoints, we can look at the focus of our business and do things there instead of having to worry about each machine individually.

The biggest thing that SentinelOne does is that it is constantly looking at our environment and other environments as a baseline of what should be happening or what could be happening. If something does not match the specific idea of what should be happening, it detects that and blocks that. If it is not sure what to do exactly, it quarantines a file or a folder or something like that until we have a chance to look at it. That is better than something getting through and causing damage before we can do anything about it. As long as a machine is connected to the network, it is pretty instant, but depending on what it is doing, it might take a little bit. There are some functions within it that do take a little more time to work. For example, the remediate and rollback functions do take time to work, but if it sees something as malicious, it will kill and quarantine that within a fraction of a second.

Singularity Complete has helped reduce our organizational risk. There is the part where it kills and quarantines things that are happening on machines, but there is also an element of visibility. Being able to see what we have gives us a better idea of what risks we have. From an inventory standpoint, everything is synced the second we deploy the image machine. Through that, we are able to see what is running on them, what they have installed, and things of that nature. We get a more holistic idea of what we actually have so that we know what to protect.

The terminating or killing remediation process that they use is top-notch. Pretty much anything that is even remotely malicious gets blocked by it within seconds. That is important for us. We have thousands of endpoints with tens of thousands of users. It is hard to do good security for that many people without some kind of automated detection and response. That is what SentinelOne does for us. It helps us automate that process.

Some of the reports that are exported through SentinelOne can be complicated for people who are not IT professionals. For example, we have some people within our leadership who would like to know why we are spending so much money on their product, and one of the ways that we are able to do that is through reports. Some of those reports are pretty easy to understand, and some of them are very complicated. Because they are not IT or security professionals, they may not have the same grasp. I wish their reporting feature was a little better. If they were able to export and make it a little more presentable, it would be great because this is something that we end up doing on our end where we take some of that data and make it look better. It would definitely save us time if it was a little prettier, for lack of a better word, from the beginning.

We have been using it for two and a half to three years. 

As far as I know, and I am the only one out of our three time zones who uses the tool, I have never had an issue with it. The only time we ever had problems was when someone made a change to some of the roles, but it was not a SentinelOne issue. For the most part, as long as you have set up the tool correctly, it functions pretty much 100%. I cannot think of a time when it was down.

We started out by having it deployed on a handful of machines as a proof of concept. From there, we were able to replicate it over and over in our environment. We are currently licensed for around 7,000 devices, and they made it pretty clear to us that if we decide to improve that or increase that, it would be a seamless process. They will just bump our licenses up and then we pay a little bit more. There is no real pain associated with that where you have to go back to the table, talk, and do things like that. It is a flip of a switch.

They were very helpful. They were knowledgeable. They definitely used the tool before. The questions they asked were good. They knew what logs to ask for. They knew what question to ask. They were pretty good. I would rate them a ten out of ten. They were knowledgeable. They were helpful. The turnaround time is good. They want to resolve the issue, and they are there to help.

Positive

We had CrowdStrike. We switched because of two things. One was the price. CrowdStrike was expensive, and the other thing was that we needed to protect legacy devices. As a manufacturing company, we have a lot of old software and hardware in our environment, and CrowdStrike did not protect those devices. We either had to come up with a solution where we network quarantine those machines or have them segmented somewhere so that they do not talk to anything else, or we just get SentinelOne and they function the same and require no extra work. As long as it is on there, it is protecting them, and it is much cheaper.

We have it almost entirely hosted in the cloud. We do deploy it via the deployment software that we use to deploy to our endpoints. We do have it in the cloud as well that we run through the command line and then point it to our management console, but we do not have it hosted on-premises. We like the idea of having things in the cloud at least for the specific instance.

I was not involved in its deployment. I came here a little bit later, but I got to talk to some of the people afterward. I am part of the deployment now, but I missed the boat by a handful of months.

It is pretty straightforward. The way it works is that you get what is called the management console URL, which is essentially when you install it, it tells you who the device belongs to. You put in your URL, you run a command from it on an executable, and then from there, it is on your machine. It is pretty straightforward.

The number of people involved in the deployment varies. We are a multi-continent and multi-country organization, so we had somewhere between 15 and 20 people working on it. In terms of the people who actually use it, there are probably five or six. We have one person who constantly works to deploy within North America and one person who works to deploy in APAC. We personally work to deploy it within EMEA and then the rest of it is us just working on maintaining it and making sure it is doing what it is supposed to be doing.

We previously had a different EDR solution called CrowdStrike, which was very robust but also very expensive. It did not have the features we were looking for from a legacy standpoint. My understanding is that we did a pretty good deal on SentinelOne. A part of that is because we were their customers very early on, and we also use their products a lot. We are interested in the new products that come out. We go to their demos, and we go to their events. We do save a lot of money. It is not cheap, but it is worth it. We spend a lot of money on a lot of things, and most of them do not do as much as SentinelOne.

It has gotten more expensive over time, but we have also gotten more features and value out of it. They have added things to it. From a pricing standpoint, it is expensive. It is one of the more expensive tools we have, but it also does more than almost every other tool that we have in our environment, so it makes sense.

We reevaluated CrowdStrike and realized that it was just not going to work for our purposes. I believe we looked at Sophos and Carbon Black. Carbon Black is a VMware product, and Sophos is a similar EDR solution.

From a quality standpoint, if you are willing to take the time to implement it and implement it well, it is a fantastic product. It is a massive part of our security posture. If you are looking to switch, doing a proof of concept will probably be good enough to make you realize the value it has. Sometimes, in the demos from vendors, you see the kind of things happening that are supposed to happen. It is, of course, going to block them, but during our proof of concept, we threw in different scenarios at it, and it handled every single one pretty flawlessly. That is a big part of why we ended up choosing it.

If you were a company that has legacy devices, it is a no-brainer as far as EDR solutions are concerned. If you are looking forward to an EDR solution in general, and you do not have legacy devices, SentinelOne is incredibly competitive. It has a lot of great features. It is priced very competitively. Their support is great, and the tool works. It does take some fine-tuning, but the tool works very well.

As a strategic security partner, SentinelOne is always trying to get us to work with some of their partners as well. From an integration standpoint, it does give us some options going forward where if, for example, we wanted to use a mobile device solution, they do have some integration with them. If you are a part of their ecosystem and you have a tool that you are interested in, they will let you know whether they have a partner that they work with. They will let you know that they have this tool. It works so far, and if you have a question or something like that, they can get you acquainted, which I appreciate.

Overall, I would rate it a ten out of ten. It is probably my favorite security tool from the ones we have.

We utilize SentinelOne Singularity Complete as an EDR and MDR solution for both our clients and internal operations.

We wanted to offer our clients a next-generation, AI-based antivirus solution for their endpoints, which is why we opted for SentinelOne Singularity Complete.

We incorporate SentinelOne Singularity Complete as a component of our multifaceted cybersecurity approach. Therefore, its capability for integration, as well as its capacity for data ingestion into NXDR, holds great significance for us.

SentinelOne Singularity Complete functions effectively in ingesting and correlating data across all our security solutions. While we employ an additional SOAR for more extensive correlation, SentinelOne Singularity Complete performs exceptionally well at the endpoint.

SentinelOne Singularity Complete is utilized as a component of our Managed Detection and Response service, resulting in a reduction in the number of alerts forwarded to us.

It helps free up our staff to focus on other projects.

SentinelOne has helped reduce our MTTD. It has also helped reduce our MTTR.

SentinelOne Singularity Complete helps our organization save money through pass-through cost savings.

It helps reduce the risk for our organization.

The most valuable feature is the machine learning capability, as opposed to the traditional rule-based antivirus. This is essential for effectively stopping malware attacks.

We are not utilizing all the features available with SentinelOne Singularity Complete, including the built-in XDR and Ranger, due to the substantial associated costs. There is potential for improvement in the cost aspect.

The area in which I would recommend SentinelOne to continue progressing is focused on enhancing its product. This involves not only internal development but also strategic partnerships similar to the Wiz integration which brings a lot of value.

I have been using SentinelOne Singularity Complete for three years.

It is stable. The downtime has been minimal.

The solution has met all of our scaling requirements.

I previously used ESET and McAfee. We sometimes still use Microsoft Defender for some use cases and we have some clients that still prefer to use CrowdStrike.

The implementation is carried out in collaboration with our partner, ConnectWise. While we handle the agent deployment, they manage all the configurations.

If we weren't using any protective measures, and we were consistently experiencing security breaches, this would result in an exponential level of risk when compared to an alternative solution. Expressing this concept can be quite challenging. How would we even identify if a breach has occurred? Typically, we'd notice something like data encryption taking place. 

So, I believe implementing robust cybersecurity measures is an essential aspect of operating in any technology-dependent field today. It's essentially become a fundamental requirement. That's how we perceive its significance in the present day. Therefore, we communicate this necessity to all our clients and that is where the return on investment can be perceived by using SentinelOne Singularity Complete.

The cost of utilizing all the features of SentinelOne Singularity Complete is high.

I rate SentinelOne Singularity Complete nine out of ten.

SentinelOne Singularity Complete EDR and MDR endpoint agent is a fantastic product. We layer that with other solutions as opposed to only using SentinelOne Singularity Complete.

SentinelOne is undoubtedly a market leader, and I believe it offers a comprehensive and excellent solution. It is on par with other next-generation or AI-based antivirus solutions available in the marketplace.

Depending on the organization's current solution, if they are transitioning from a product like ESET, then the approach to antivirus will be completely different. If they are transitioning from CrowdStrike, I believe the change will be less significant. Testing needs to be conducted, but I anticipate that they can observe immediate value from SentinelOne Singularity Complete. Furthermore, I am confident that they can deploy it without significant concerns about increased risk. Personally, I have never been worried about introducing additional risk by using SentinelOne Singularity Complete.

We utilize SentinelOne Singularity for endpoint malware protection and to gain visibility into threats across the network.

SentinelOne Singularity has the potential to ingest and correlate data across our security solutions.

Ranger provides network and asset visibility.

Ranger saves us time by not having to make changes to our hardware and systems.

Ranger helps prevent vulnerable devices from being compromised.

SentinelOne Singularity assisted our organization by saving deployment time and decreasing the volume of support calls.

Singularity helps reduce the number of alerts.

Singularity has helped our staff free up around 15 minutes of their time to focus on other projects.

It has reduced our MTTD.

It has helped our organization save costs through time savings.

The most valuable features include the agent installation and update processes.

The UI appears to be flat, and I wish to have the ability to customize it with features and buttons that are tailored to our needs.

I have been using SentinelOne Singularity Complete for seven months.

SentinelOne Singularity is stable. We have not experienced any crashes or downtime.

SentinelOne Singularity scaled easily in terms of deployment. We haven't experienced any performance issues, whether it's installed on a higher-end machine or a low-end machine. SentinelOne Singularity has been excellent.

We faced issues with our previous endpoint solution, Panda Adaptive Defense 360. SentinelOne Singularity seemed to be a more reliable and easier-to-manage alternative. Panda Adaptive Defense 360 caused significant downtime during deployments and updates.

The initial setup was straightforward. The deployment required three people.

The implementation was completed in-house.

We assessed McAfee, Trend Micro, and BlackBerry. We opted for SentinelOne Singularity due to its smaller footprint and more efficient software that uses fewer resources.

I rate SentinelOne Singularity a nine out of ten.

SentinelOne Singularity is a mature product.

Maintenance is necessary only when we are periodically carrying out updates.

Having a vendor like SentinelOne is crucial for a solid security strategy, as we aim for a product that seamlessly caters to both the IT department and end users. We intend to avoid exacerbating issues more than resolving them. Therefore, I believe SentinelOne is a suitable solution for us – easy to deploy and maintain on a daily basis.

I suggest trying out SentinelOne Singularity and comparing it to more traditional security vendors. SentinelOne Singularity offers a slightly distinct approach, but it's an effective method.